Re: Security: Better secure defaults?

2021-05-07 Thread Thomas Corthals
I would like to be able to define core-specific permissions with rule-based authorization in security.json in the same way you can do for collections. Thomas On Thu, 6 May 2021 at 23:25, David Smiley wrote: > I'm reaching out to our user community to get opinions on what Solr should > do to be m

Re: Content search and applying ACL

2021-05-07 Thread k-jingyang
After upgrading our Solr to 8.8 from 7.2, I've tested out the *score=none*, and *method=toplevelDV* with two collections. The first few queries took even longer, the first one took up to 20s as compared to 8s from *method=index*. I guess this is in line with what the docs mentioned about topLevelD

Re: Solr equivalent of relational joins on nested documents

2021-05-07 Thread Alain Rogister
Thanks! I am aware of the examples in the docs but they don't quite answer my specific question about parent/child joins on multiple levels in a general way. Here is a slightly modified example that actually works on ElasticSearch with an equivalent (nested) schema. I can't figure out how to exp

Solr: Get leaderness status of local node

2021-05-07 Thread lamine lamine
Hi Solr people, I am writing a custom UpdateProcessor, part of a custom plugin, and need to run some code only on the shard leader. This is a plugin, so I cannot access the DistributedUpdateProcessor.isLeader() method which is not public. For now I am copying-pasting the below code, but I am thi

Re: Security: Better secure defaults?

2021-05-07 Thread David Smiley
I didn't propose a new configuration file, I proposed a "mode". Even if there was some new env-specific file, it would end up being yet another configuration file -- no thanks. Solr still needs solr.xml & solrconfig.xml & schema.xml (and more), plus Jetty's many config files, and they are mostly

Re: Security: Better secure defaults?

2021-05-07 Thread David Smiley
> Listen on 0.0.0.0 but only accept traffic from private addresses? Respect x-forwarded-for (and its aliases) in that case. +1 ! Feel free to file a JIRA issue; maybe there is one already. ~ David Smiley Apache Lucene/Solr Search Developer http://www.linkedin.com/in/davidwsmiley On Thu, May 6,

Re: Security: Better secure defaults?

2021-05-07 Thread David Smiley
> I would like to be able to define core specific permissions with rule-based > authorization in security.json in the same way you can do for collections. PRs/Patches welcome... but I think you're going to have to accept migrating to SolrCloud. SolrCloud has gotten better year over year. ~ David

Re: Solr 8.8.2 childFilter multiple conditions

2021-05-07 Thread David Smiley
Subquery is a good idea here too. It's slower but it's also more powerful, more general. I'll try and get SOLR-15156 into 8.9 ~ David Smiley Apache Lucene/Solr Search Developer http://www.linkedin.com/in/davidwsmiley On Thu, May 6, 2021 at 3:42 PM Jonathan Bridges wrote: > Thanks David for c